Sherman's Security Blog
I am Sherman Hand (also known as Policysup). I have created this blog and will use a part of my day to write about what is going on in the world. I hope to discuss things in a down-to-earth and practical way. I hope to hear back from you on your thoughts. I do not in any way intend to speak for my employer. The content of this blog will be either opinions that are strictly mine, general observations, reposts, or information that is already in the public domain.

Professional penetration testing, otherwise called ethical hacking, is among the most exciting IT jobs anyone can be involved in. You are literally getting paid to keep up with the latest technology and get the opportunity to “break in” to computers without the threat of being arrested. There’s no drawback. As long as you do a competent job, the person who hired you will be happy with the result of your work. If you manage to break into their assets, they get a chance to close the gaps before malicious actors discover them. If you fail to break into the customer’s computer, it either means that the system is well secured or you are not capable enough to prove your skills.

Most expert penetration testers become “pen testers” in one of two ways. Either they pick up hacking skills on their own or they take formal education classes. Today we are going to discuss some of the best certification courses, which are more than enough to teach you penetration testing and land you a job in the field as a penetration tester.

Certification isn’t always necessary to learn a new skill; however, earning a certification demonstrates to potential employers that you sufficiently learned a curriculum and completed a knowledge test on the material. Moreover, some employers prefer or require particular certifications for particular positions.

First, let’s talk about the difference between a Penetration Tester and a Vulnerability Assessor.

There’s a lot of confusion about the difference between Penetration Testers and Vulnerability Assessors.

“Penetration Tests are designed to achieve a specific, attacker-simulated goal and should be requested by customers who are already at their desired security posture. A typical goal could be to access the contents of the prized customer database on the internal network, or to modify a record in an HR system.”

“Vulnerability Assessments are designed to yield a prioritized list of vulnerabilities and are generally for clients who already understand they are not where they want to be in terms of security. The customer already knows they have issues and simply need help identifying and prioritizing them.”

In simple terms, Vulnerability Assessors are list-orientated and Pen Testers are goal-orientated.

Now for those Certifications.

Certified Ethical Hacker

The EC-Council’s Certified Ethical Hacker (CEH) is easily the oldest and most well-known penetration testing course. The official course, which can be taken online or with a live in-person instructor, contains 18 different subject domains including traditional hacking subjects, plus modules on malware, wireless, cloud and mobile platforms. The full remote course is offered for $1,850, and includes six months of access to the online Cyber Range iLab, which will allow students to practice more than 100 hacking labs. For comparison, CBT Nuggets offers CEH training for $80 per month, which includes many other possible exam preparations.

SANS GPEN

The SysAdmin, Networking, and Security (SANS) Institute is a highly respected training organization, and anything they teach, along with their certifications, is greatly respected by IT security specialists. SANS offers various pen testing courses and certifications, but its base GIAC Penetration Tester (GPEN) is one of the most well-known.

The official course for the GPEN, SEC560: Network Penetration Testing and Ethical Hacking, can be taken online for $5,910 or live in person for $6,260. The GPEN exam is $1,699 per exam attempt. It has 115 questions, a three-hour time limit, and requires a 74 percent score to pass. No specific training is required for any GIAC exam. The GPEN is covered by GIAC’s general code of ethics, which they take seriously, as attested to by a running count of exam passers who have been disqualified for violating the code.

Offensive Security Certified Professional (OSCP)

The Offensive Security Certified Professional (OSCP) certification has been around for a little more than 10 years and has gained a widespread reputation for toughness, with a very hands-on learning structure and exam. The official online, self-paced $800 training course is called Penetration Testing with Kali Linux and includes 30 days of lab access. Since it is based on Kali Linux (the successor to pen testers’ favorite Linux distro, BackTrack), participants need a basic understanding of how to use Linux, bash shells and scripts.

CREST

Globally, the not-for-profit CREST information assurance accreditation and certification body’s pen test courses and exams are commonly accepted in many countries, including the United Kingdom, Australia, Europe, and Asia. CREST’s mission is to educate and certify quality pen testers. All CREST-approved exams have been reviewed and approved by the UK’s Government Communications Headquarters (GCHQ), which is analogous to the United States’ NSA.

CREST’s basic pen testing exam is known as the CREST Registered Tester (or CRT), and there are exams for web and infrastructure pen testers. Exams and costs vary by country, but in Australia, for instance, the CRT exam costs $1,000. CREST test takers must review and acknowledge the CREST Code of Conduct. The Offensive Security OSCP certification can be used to obtain the CRT.

People sitting in a non-certification class are often checking email, surfing the web, and not paying attention. People sitting in certification classes are usually paying attention, listening, and asking questions. Employers know the difference. Therefore, a candidate with a certification gets higher priority than an ordinary candidate. Moreover, in the field of ethical hacking and cybersecurity, employers always look for skilled candidates who know how to perform effectively.